| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 98176 | 2009-03-14 09:25:00 | Hijackthis, also harddrive going funny | Zheng (13803) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 756299 | 2009-03-14 09:25:00 | my laptop is getting slow lately, especially when starting up . . once i log on it takes about 30 seconds or something to load all the "start up programs" on the other hand, my hard drive some times have noisy, it is hard to describe it but it sounds like a watch or electronic wiring go zizizizizizizi and it sometime freezes for half or a second . . . . is this normal, how can i fix this . thanks for those help out . Appreciated Logfile of Trend Micro HijackThis v2 . 0 . 2 Scan saved at 10:17:56 p . m . , on 14/03/2009 Platform: Windows Vista SP1 (WinNT 6 . 00 . 1905) MSIE: Internet Explorer v7 . 00 (7 . 00 . 6001 . 18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng . exe C:\Windows\system32\Dwm . exe C:\Windows\Explorer . EXE c:\PROGRA~1\mcafee . com\agent\mcagent . exe C:\Program Files\Windows Defender\MSASCui . exe C:\Program Files\Synaptics\SynTP\SynTPEnh . exe C:\Windows\RtHDVCpl . exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif . exe C:\Program Files\Fingerprint Reader Suite\psqltray . exe C:\Program Files\Dell\Dell Webcam Manager\DellWMgr . exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop . exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor . exe C:\Windows\System32\igfxtray . exe C:\Windows\System32\hkcmd . exe C:\Windows\System32\igfxpers . exe C:\Program Files\Dell Support Center\bin\sprtcmd . exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray . exe C:\Program Files\SetPoint\SetPoint . exe C:\Windows\system32\igfxsrvc . exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer . exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop . exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop . exe C:\Program Files\Windows Live\Mail\wlmail . exe C:\Windows\system32\wuauclt . exe C:\Program Files\Microsoft Office\Office12\WINWORD . EXE C:\Program Files\Adobe\Reader 8 . 0\Reader\AcroRd32 . exe C:\Program Files\Trend Micro\HijackThis\HijackThis . exe C:\Windows\system32\DllHost . exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = . microsoft . com/fwlink/?LinkId=54896" target="_blank">go . microsoft . com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = . google . co . nz/ig/dell?hl=en&client=dell-row&channel=nz&ibd=6080520" target="_blank">www . google . co . nz R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = . google . co . nz/ig/dell?hl=en&client=dell-row&channel=nz&ibd=6080520" target="_blank">www . google . co . nz R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = . microsoft . com/fwlink/?LinkId=54896" target="_blank">go . microsoft . com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = . microsoft . com/fwlink/?LinkId=54896" target="_blank">go . microsoft . com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = . microsoft . com/fwlink/?LinkId=69157" target="_blank">go . microsoft . com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now . dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper . dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho . dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions . dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1 . 6 . 0_06\bin\ssv . dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn . dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin . dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE . dll O4 - HKLM\ . . \Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui . exe -hide O4 - HKLM\ . . \Run: [ECenter] C:\Dell\E-Center\EULALauncher . exe O4 - HKLM\ . . \Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh . exe O4 - HKLM\ . . \Run: [RtHDVCpl] RtHDVCpl . exe O4 - HKLM\ . . \Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR . EXE" O4 - HKLM\ . . \Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher . exe" /startup O4 - HKLM\ . . \Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif . exe O4 - HKLM\ . . \Run: [WLSS] C:\Program Files\Wireless Select Switch\WLSS . exe O4 - HKLM\ . . \Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr . exe" /s O4 - HKLM\ . . \Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv . exe" O4 - HKLM\ . . \Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop . exe" /startup O4 - HKLM\ . . \Run: [mcagent_exe] "C:\Program Files\McAfee . com\Agent\mcagent . exe" /runkey O4 - HKLM\ . . \Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca . exe" O4 - HKLM\ . . \Run: [Kernel and Hardware Abstraction Layer] KHALMNPR . EXE O4 - HKLM\ . . \Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd . exe" /P DellSupportCenter O4 - HKLM\ . . \Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor . exe" O4 - HKLM\ . . \Run: [Apoint] C:\Program Files\Apoint2K\Apoint . exe O4 - HKLM\ . . \Run: [IgfxTray] C:\Windows\system32\igfxtray . exe O4 - HKLM\ . . \Run: [HotKeysCmds] C:\Windows\system32\hkcmd . exe O4 - HKLM\ . . \Run: [Persistence] C:\Windows\system32\igfxpers . exe O4 - HKLM\ . . \Run: [WebThunder] C:\Program Files\Thunder Network\WebThunder\WebThunder . exe O4 - HKLM\ . . \Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8 . 0\Reader\Reader_sl . exe" O4 - HKCU\ . . \Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd . exe" /P DellSupportCenter O4 - HKCU\ . . \Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr . exe" /background O4 - HKCU\ . . \Run: [WindowsWelcomeCenter] rundll32 . exe oobefldr . dll,ShowWelcomeCenter O4 - Global Startup: Bluetooth . lnk = ? O4 - Global Startup: SetPoint . lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL . EXE/3000 O8 - Extra context menu item: Send image to &Bluetooth Device . . . - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx . htm O8 - Extra context menu item: Send page to &Bluetooth Device . . . - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie . htm O8 - Extra context menu item: ʹÓÃWEBѸÀ×ÏÂÔØ - C:\Program Files\Thunder Network\WebThunder\GetUrl . htm O8 - Extra context menu item: ʹÓÃWEBѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\WebThunder\GetAllUrl . htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1 . 6 . 0_06\bin\ssv . dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1 . 6 . 0_06\bin\ssv . dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension . dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension . dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE . dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE . dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR . DLL O9 - Extra button: Æô¶¯WEBѸÀ× - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my . xunlei . com (file missing) O9 - Extra 'Tools' menuitem: Æô¶¯WEBѸÀ× - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my . xunlei . com (file missing) O9 - Extra button: @btrez . dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie . htm O9 - Extra 'Tools' menuitem: @btrez . dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie . htm O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices . dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1 . DLL O23 - Service: Contrl Center of Storm Media (ccosm) - ???????????? - C:\Program Files\StormII\stormliv . exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng . exe O23 - Service: Google Desktop Manager 5 . 7 . 801 . 7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop . exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon . exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT . exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc . - C:\PROGRA~1\McAfee\MSC\mcmscsvc . exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc . - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc . exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc . - C:\PROGRA~1\McAfee\VIRUSS~1\mcods . exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc . - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy . exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc . - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield . exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc . - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon . exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc . - C:\Program Files\McAfee\MPF\MPFSrv . exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc . - C:\Program Files\McAfee\MSK\MskSrver . exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc . exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs . exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc . exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc . - C:\Program Files\Dell Support Center\bin\sprtsvc . exe O23 - Service: stllssvr - MicroVision Development, Inc . - C:\Program Files\Common Files\SureThing Shared\stllssvr . exe -- End of file - 10463 bytes |
Zheng (13803) | ||
| 756300 | 2009-03-14 09:36:00 | Uninstall Stormliv, it looks like its some kind of malware Tick these then tick fix checked Close browsers Disable system restore, wherever it is Uninstall all versions of Java, its out of date then update it. Link below O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background What does WebThunder.exe do?? if you dont know, uninstall it These entries look suss O9 - Extra button: Æô¶¯WEBѸÀ× - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing) O9 - Extra 'Tools' menuitem: Æô¶¯WEBѸÀ× - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing) O23 - Service: Contrl Center of Storm Media (ccosm) - ???????????? - C:\Program Files\StormII\stormliv.exe |
Speedy Gonzales (78) | ||
| 756301 | 2009-03-14 10:37:00 | Download MBAM and do a full scan. download.cnet.com |
Blam (54) | ||
| 1 | |||||